Development of University of Indonesia next generation firewall prototype and access control with deep packet inspection

Abstract

Currently there are dozens of internet based applications. Each of these applications can be accessed by their user on the same application layer protocols but different pattern of payloads. For example social network applications like Facebook, Twitter and Google Plus. Each of them can be accessed using HTTPS protocol, but with different payload for each applications. It also possible to access a service in internet by using tunneled protocol, for example Bit Torrent protocol can be tunneled on top HTTP access. These kind of access modes make standard firewalls obsolete to regulate our university internet access control. In this research, we are aiming to prove whether an application layer access control can be developed using Deep Packet Inspection Method. With the deep packet inspection method, it is possible to identify applications based on their application signature. If the application signature can be identified, we can construct more robust rules to regulate university internet access control. We are developing a prototype of application layer access control using several number of free/open source software components. One of these components is Deep Packet Inspection Library - nDPI - which will become our main focus. This research also will explain the way to assemble those software components in order to perform access control functions. We are also performing a test against nDPI payload detection mechanism and the results are reported in this paper.